Vulnerabilities > CVE-2013-4836 - Remote Code Execution vulnerability in Application Lifecycle Management Synchronizer

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

NVD

Published: 2013-11-04

Updated: 2019-10-09

Summary

Unspecified vulnerability in the GossipService SOAP Request implementation in the Synchronizer component before 1.4.2 in HP Application LifeCycle Management (ALM) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1759.

Vulnerable Configurations

Part	Description	Count
Application	Hp HP ALM Synchronizer 1.10 HP ALM Synchronizer 1.20 HP ALM Synchronizer 1.30 HP ALM Synchronizer 1.40 HP ALM Synchronizer 1.41 HP Application Lifecycle Management -	6

References

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969436